]>
Improving ITR Resiliency in Locator/ID
Separation Protocol (LISP) NetworksOrangeRennes35000Francemohamed.boucadair@orange.comOrangeRennes35000Francechristian.jacquenet@orange.comInternet
IPv4 service continuityIPv4 address exhaustionService AvailabilityAddress sharingIPv6ReliabilityIPv4 over IPv6This document defines an extension to the Locator/ID Separation
Protocol (LISP) to minimize LISP service disruption during Ingress
Tunnel Routers (ITRs) failure events.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.Locator/ID Separation Protocol (LISP,
) operation relies upon a mapping mechanism that is used by
Ingress/Egress Tunnel Routers (xTR) to forward traffic over the LISP
network.A reboot of an ITR may dramatically affect the LISP-based forwarding
service for hosts connected to the LISP network. Because of the purge of
the mapping cache maintained by the rebooting ITR, the absence of a
matching entry for packets to be forwarded over the LISP network will
simply cause the dropping of such packets, even though other ITRs of the
LISP domain may be "ready-to-serve".An ITR that loses its local mapping table for some reason is very
likely to drop incoming packets whose forwarding decision relies upon
the entries of the local mapping table. This type of ITR failure may
rarely occur, but when it does, it is likely to provoke severe service
degradation.This document proposes a solution to enhance the robustness of LISP
networks during such ITR failure events. This document assumes that
several ITRs are available within the LISP network. The solution allows
for an automatic discovery of the available ITRs of a given LISP
domain.The approach exclusively focuses on engineering tweaks that can be
implemented within a LISP-enabled network without soliciting the help of
the LISP Mapping System. is a companion document
that specifies a procedure that is meant to rapidly populate a local
mapping cache upon restart or whenever failures affect ITR
operation.The overall procedure is as follows:A dedicated IPv4 and/or IPv6 multicast address is reserved for
ITR resiliency (called @MCAST in this document). An address can be
reserved by an administrator for this purpose.A list of unicast addresses of available ITRs in a given domain
is maintained by the requesting ITR (ITR-PEER-LIST).When an ITR loses its mapping table for some reason (power
failure, software issue, etc.), but can still forward packets, it
checks whether it maintains a list of peer ITRs. If the peer ITR
list is empty, it sends a message, denoted Map-Solicit-Request
(), to @MCAST. If a list is available, the
ITR follows Steps (5, 6, and 7). Note that
the same IP address (@MCAST) is used to announce the availability of
an ITR within a LISP domain on a regular basis.Once this message is received by another ITR reachable in the
LISP domain, it replies with a Map-Solicit-Reply () using its unicast address as the source IP
address. The Map-Solicit-Reply includes the following
information:Database Status (including cache status). A status set to
'Null' indicates this ITR does not maintain any cache because,
e.g., it is a new ITR, it lost its mappings, etc.The content of local ITR-PEER-LIST: This is to accelerate the
process of discovering other ITRs within a LISP domain without
waiting for responses from other ITRs.Synchronisation reachability information (address, port
number, protocol, etc.)Bulk mapping requests (e.g., or ) are then sent
to peer ITRs to retrieve a copy of their map cache. One or several
ITRs can be solicited simultaneously.In the meantime, cache synchronisation is in progress, packets
that do not match a mapping entry are redirected to another ITR in
the domain that has its database 'ready-to-serve'. These packets are
encapsulated in a LISP header using the unicast address discovered
in the previous steps.A peer ITR decapsulates the packet, encapsulates it according to
the matching mapping entry, and forwards the encapsulated packet
towards the next hop. Moreover, it sends an unsolicited Map-Reply to
the original ITR so that it can handle locally subsequent packets
that belong to this flow. The 'nonce' of
the unsolicited Map-Reply must echo the one included in the
encapsulated packet received from the first ITR. An indication to disable data gleaning may be
included by the relay ITR (e.g., using the extension defined in
Section 3 of ). illustrates an example of an ITR
(ITR1) which encounters a loss of its mapping cache. As a result, it
generates a Map-Solicit-Request that it sends to the multicast address
@MCAST. Upon receipt of that request by ITR2 and ITR3, they each reply
with a Map-Solicit-Reply message. The first reply is used by ITR1 to
decide to which peer ITR it will redirect packets during the failure
event (ITR2). These packets are encapsulated with a LISP header and
forwarded to ITR2. Once received by ITR2, these packets are forwarded to
their ultimate ETR. In the meantime, ITR2 generates an unsolicited
Map-Reply to inform ITR1 with the mapping entries related to the
destination EID. Subsequent packets that belong to this flow are
therefore handled locally by ITR1 without soliciting ITR2. | | |
| Map-Solicit-Reply| | |
||src=RLOC_itr1 dst=RLOC_itr2| |
dst=d_EID|===Encapsulated Packet====>|src=RLOC_itr2 dst=RLOC_etr|src=s_EID
| Unsolicited Map-Reply |===Encapsulated Packet===>|-------->
||src=RLOC_itr1 dst=RLOC_etr|src=s_EID
dst=d_EID|===================Encapsulated Packet===============>|-------->
| |dst=d_EID
....
src=s_EID| |
-------->|src=RLOC_itr1 dst=RLOC_etr |src=s_EID
dst=d_EID|===================Encapsulated Packet===============>|-------->
| |dst=d_EID]]>The format of the Map-Solicit-Request message is shown in . This format follows the LISP shared extension
message defined in .The description of the fields is as follows:Type MUST be set to 15 .sub-type: MUST be set to 1026.R: MUST be set to 0 for Map-Solicit-Request messages.S: when set, this flag indicates that the originating ITR
supports a mechanism for state synchronisation of the mapping cache
between ITRs. When this flag is set, the message MUST carry the port
number, protocol, and IP Address used for synchronisation purposes.
This specification allows to indicate a distinct IP address for
state synchronisation purposes.D: This flag indicates the status of the mapping cache table. It
is RECOMMENDED to set this flag to 1 when the ITR is up and running
for at least one hour and has a non-empty mapping cache. An ITR that
lost its state MUST set this flag to 0.Nonce, Key ID, Authentication Data Length, and Authentication
Data are similar to those of a LISP Map-Register message ().IP Address: If S-bit is set, this field indicates the IP address
used to receive state synchronisation messages. If S-bit is unset,
this field MUST be set to zero at the originating ITR and MUST be
ignored at receipt. The length of this field is 128 bits. IPv4
addresses are encoded as IPv4-mapped IPv6 addresses (::ffff:0:0/96).Port Number: If the S-bit is set, this field indicates the port
number used to receive state synchronisation messages. If unset,
this field MUST be set to zero at the originating ITR and MUST be
ignored at receipt.Protocol: If the S-bit is set, this field indicates the protocol
used to transport state synchronisation messages. If unset, this
field MUST be set to zero at the originating ITR and MUST be ignored
upon receipt.An ITR that issues this message MUST use one of its unicast IP
addresses as the source address. The destination IP address MUST be set
to the @MCAST multicast address introduced in . An ITR that loses its cache MUST issue this
message with a D-bit set to 0.All ITRs of a LISP domain MUST subscribe to the multicast group
defined by the aforementioned @MCAST multicast address.Upon receipt of the Map-Solicit-Request message by an ITR within the
domain, it replies (unicast) with a Map-Solicit-Reply. It is the
responsibility of the first ITR to initiate a state synchronisation with
that peer if the D-bit and S-bit are unset and if it supports the
synchronisation protocol indicated in the Map-Solicit-Reply.ITRs of a LISP domain MUST send Map-Solicit-Reply in a regular
interval (that is configured by an administrator) or upon major change
in the ITR stats (e.g., loss of the mapping cache, change of the IP
address). This message MUST use one of the ITR unicast IP addresses as
the source address while the destination IP address MUST be set to the
@MCAST.The format of the Map-Solicit-Reply message is shown in .The description of the fields is as follows:Type MUST be set to 15 .sub-type: MUST be set to 1026.R: MUST be set to 1.S: when set, this flag indicates that the originating ITR
supports a mechanism for state synchronisation of the mapping caches
between ITRs. When set, the message MUST carry the port number,
protocol, and IP Address used for synchronisation purposes. This
specification allows to indicate a distinct IP address for state
synchronisation purposes.D: This flag indicates the status of the mapping cache table. It
is RECOMMENDED to set this flag when the ITR is up and running for
at least one hour and has a non-empty mapping cache.Nonce: The 'Nonce' field of multicast Map-Solicit-Reply MUST be
set to 0 while it MUST echo the one included in a
Map-Solicit-Request when replying to a multicast
Map-Solicit-Request.Key ID, Authentication Data Length, and Authentication Data are
similar to those of a LISP Map-Register message ().IP Address: If the S-bit is set, this field indicates the IP
address used to receive state synchronisation messages. If unset,
this field MUST be set to zero at the originating ITR and MUST be
ignored upon receipt. The length of this field is 128 bits. IPv4
addresses are encoded as IPv4-mapped IPv6 addresses (::ffff:0:0/96).Port Number: If the S-bit is set, this field indicates the port
number used to receive state synchronisation messages. If unset,
this field MUST be set to zero at the originating ITR and MUST be
ignored upon receipt.Protocol: If the S-bit is set, this field indicates the protocol
used to transport state synchronisation messages. If unset, this
field MUST be set to zero at the originating ITR and MUST be ignored
upon receipt.ITR List Count: This field indicates whether peer ITR addresses
are also included. When this field is set to 0, it indicates that no
peers other than the solicited peer ITR are known to the originating
ITR.Peer ITR Unicast Address: one or multiple IP addresses that
belong to other ITRs in the domain as known to the originating ITR.
The length of each "Peer ITR Unicast Address" is 128 bits. IPv4
addresses are encoded as IPv4-mapped IPv6 addresses
(::ffff:0:0/96).A Map-Solicit-Reply can be generated by an ITR to advertise its
availability to the other ITRs of the LISP domain, as per normal LISP
operation.When an ITR receives a LISP-encapsulated packet from an ITR that is
present in its list of peer ITRs, it may generate an unsolicited
Map-Reply that conveys the mapping entry that was used to process the
encapsulated packet.Upon failure or reboot that lead to lose the contents of its mapping
cache, an ITR uses the list of peers ITRs it discovered by means of the
Map-Solicit-Request message sent to @MCAST to redirect packets that do
not match any entry of its local cache (which is likely to be
empty).In order to minimize the risk of overloading some ITRs, a mechanism
to distribute the load among all the peer ITRs or part of them is deemed
useful. Of course, other traffic load distribution policies may be
enforced. The exact set of policies to be enforced are implementation-
and deployment-specific.LISP security considerations are discussed in .This document specifies a mechanism that enhances the serviceability
of LISP networks by redirecting traffic that do not match a local
mapping entry to other ITRs of the domain. These ITRs are assumed to
belong to the same administrative domain. Means to ensure that only
trusted ITRs are maintained in a peer list MUST be enabled.IANA has assigned the following code from the LISP Shared Extension
Message Type Sub-types ():This work is partly funded by ANR LISP-Lab project
#ANR-13-INFR-009-X.Many thanks to Chi Dung Phung for the review.